![iDoperation Privileged ID Management Solution](../assets/uploads/2021/03/idoperation_logo.png)
Targeted management
Standard targets that iDoperation can manage
For standard targets, iDoperation can automatically synchronize account information from the target, automatically link with account operations (registration, modification, deletion) performed in the iDoperation Web Console, and synchronize the account information managed in iDoperation with the target (synchronous mode).
It also supports privileged access management on cloud services
iDoperation can manage privileged access to particular cloud services such as Azure AD, Office 365 and Amazon Web Services (AWS) as standard targets. It can temporarily grant privileged access to a cloud service based on approval. Because it can also automatically collect and periodically inspect the access logs recorded by the cloud service, it can manage privileged access at the same level as in your on-premises environment.
![It also supports privileged access management on cloud services](../img/function/target/img-2.png)
● We solve customers' issues with privileged access management on cloud services
Each time privileged access is granted for a cloud service, it has to be granted by changing a password or by activating or deactivating an account, which wastes time and effort.
Cloud service capabilities can be used to limit the networks and devices from which the service is accessed. However, this is not enough, since privileged users can easily change the restrictions.
Servers are distributed across the cloud in addition to on-premises systems, making it difficult to manage them with gateway-type privileged access management tools.
Non-standard target management
Some target systems (such as operating systems, databases, virtual environments, networking applications and cloud services) have IP addresses and authenticate with IDs and passwords, but are not supported by iDoperation as standard targets, so iDoperation can't synchronize their account information or change their passwords automatically. These targets can be managed asynchronously, or by placing a bastion server or similar in front of the target and using it for access. In addition, you can automate management by using the external ID management collaboration function.
● Manage asynchronously
When managing asynchronously, the administrator manually registers in iDoperation, in advance, the account information (ID and password) registered on the target side, so that iDoperation can grant privileged access based on approval as with normal targets. If you grant privileged access with a one-time password, the administrator must change the password in both iDoperation and the target each time access is granted.
![Manage asynchronously](../img/function/target/img-target-3.png)
● Manage using bastion server
The management burden increases as the number of asynchronously managed targets, such as networking equipment, increases. In such cases, if you provide a dedicated bastion server that can access the targets, the bastion server can be used as iDoperation's target for access control.
![Manage using bastion server](../img/function/target/img-4.png)